Email scams hit bank customers

Police are warning bank customers to be extra-vigilant after email phishing scams that have targeted customers at two banks in a week.

On Wednesday a hoax email alert was sent to BNZ customers urging them to confirm their bank account details as part of a company software upgrade to "improve the quality of services".

Nearly 100 customers followed the link, which allowed scammers to reply with a confirmation email.

The confirmation carried a programme capable of viewing everything the customer did on the computer from then on.

On Friday afternoon National Bank customers were hit by a different phishing scam which said their accounts would be terminated if they did not restore access - a process that had to be done by clicking on a link.

Doing that, and filling in the required information, would have given the scammers access to account details.

Both banks immediately posted warnings on their websites and gave customers information on what to do if they had followed the links.

National Bank spokesman Robert Reid said it was difficult to say how many customers received the emails but he was not aware of anyone falling prey to the scammers on Friday afternoon.

BNZ spokeswoman Brenda Newth said between 80 and 90 customers had followed the bogus link and confirmed their details for the scammers.

She said BNZ had a security system which required two forms of identification before customers could access their online accounts.

That system would have made it difficult for the scammers to access customer accounts, even if they had the passwords and personal details.

As a result, Ms Newth was not aware of any of the affected customers having lost money.

However, Maarten Kleintjes, national manager at the police electronic crime laboratory, said the BNZ scam appeared to be a trojan horse which carried other risks.

He said the trojan horse was like a spy "camera" which allowed the scammers to view everything a person did on their computer - from paying bills to viewing sites that required other access codes and passwords.

The scammers could watch for credit card numbers during a transaction or use passwords to enter other sites and make purchases under a false identity.

Mr Kleintjes said the trojan horses were an example of the ever-changing nature of phishing scammers who were coming up with new ways to beat security systems.

"It's relentless and persistent and it's getting more and more sophisticated."

Phishing emails now accounted for 15 per cent of all circulating emails.

In January 17,000 phishing scams were in circulation around the world and a survey last year found that 51 per cent of New Zealand businesses had been targets.

Mr Kleintjes did not know details about the National Bank phishing scam because he had been away for the weekend - something scammers played on.

"They know law enforcement goes home, the banks go home and everybody else goes home, so they get the maximum benefit out of it by releasing it just before the weekend."

The best way people could protect their details was to keep up to date with the latest security software.

"It's important for people to realise that there cannot be privacy without security. If you are not sure you can always ring the bank, but make sure you have a firewall, anti-virus and anti-spyware."

Mr Kleintjes said anti-spyware would prevent the spy "cameras" from being downloaded on computers.

Other measures, such as the one the BNZ has in place, helped prevent scammers using details they collected.

Email phishing

15 per cent of all emails are likely to be phishing scams.

Bank scammers often hit just before the weekend when customers are most vulnerable.

How to avoid it

Banks will never ask for your account details.

If you get an email asking you to supply them, delete it. Call your bank if you are not sure about the authenticity of such an email.

Install firewalls, anti-spy and anti-virus programmes, many of which are free.